Diffstat (limited to 'src/plugins/kdb')
-rw-r--r--src/plugins/kdb/db2/libdb2/test/dbtest.c2
-rw-r--r--src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c8
-rw-r--r--src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c5
-rw-r--r--src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c2
-rw-r--r--src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c61
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c25
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c24
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c8
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c59
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c15
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c48
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c107
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c2
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c5
14 files changed, 123 insertions, 248 deletions
diff --git a/src/plugins/kdb/db2/libdb2/test/dbtest.c b/src/plugins/kdb/db2/libdb2/test/dbtest.c
index d479f19..b0aee70 100644
--- a/src/plugins/kdb/db2/libdb2/test/dbtest.c
+++ b/src/plugins/kdb/db2/libdb2/test/dbtest.c
@@ -163,7 +163,7 @@ main(argc, argv)
p = getenv("TMPDIR");
if (p == NULL)
p = "/var/tmp";
- (void)sprintf(buf, "%s/__dbtest", p);
+ (void)snprintf(buf, sizeof(buf), "%s/__dbtest", p);
fname = buf;
(void)unlink(buf);
} else if (!sflag)
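Review bot: The result of the new `snprintf` that builds the `__dbtest` path is discarded, so a long `TMPDIR` is now silently truncated and the `unlink(buf)` two lines later acts on a different path than the one intended. Compare the result with the buffer size and stop when it does not fit, e.g. `if ((size_t)snprintf(buf, sizeof(buf), "%s/__dbtest", p) >= sizeof(buf)) exit(1);`. The declaration of `buf` is outside the hunk, so `sizeof(buf)` is assumed here to be an array size, and `main` continues beyond the hunk.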
diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
index 6a3b432..34397ec 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
@@ -82,7 +82,7 @@ main(argc, argv)
#endif
info.lorder = 0;
if (!(db = dbopen("bigtest", O_RDWR | O_CREAT | O_BINARY, 0644, DB_HASH, &info))) {
- sprintf(buf, "dbopen: failed on file bigtest");
+ snprintf(buf, sizeof(buf), "dbopen: failed on file bigtest");
perror(buf);
exit(1);
}
@@ -96,10 +96,10 @@ main(argc, argv)
content.size = 128 + (rand()&1023);
/* printf("%d: Key size %d, data size %d\n", i, key.size,
content.size); */
- sprintf(keybuf, "Key #%d", i);
- sprintf(contentbuf, "Contents #%d", i);
+ snprintf(keybuf, sizeof(keybuf), "Key #%d", i);
+ snprintf(contentbuf, sizeof(contentbuf), "Contents #%d", i);
if ((db->put)(db, &key, &content, R_NOOVERWRITE)) {
- sprintf(buf, "dbm_store #%d", i);
+ snprintf(buf, sizeof(buf), "dbm_store #%d", i);
perror(buf);
}
}
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
index 972176c..e794e61 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
@@ -874,8 +874,7 @@ static char *strdur(duration)
minutes = duration / 60;
duration %= 60;
seconds = duration;
- sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
- days, days == 1 ? "day" : "days",
- hours, minutes, seconds);
+ snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
+ days, days == 1 ? "day" : "days", hours, minutes, seconds);
return out;
}
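Review bot: `sizeof(out)` in the new `snprintf` call is the buffer size only if `out` is declared as an array; the declaration is outside the hunk, and because `strdur` returns `out`, a `char *` declaration would turn this into a pointer-sized bound that truncates every result. If it is an array, a one-line comment at the call such as `/* out is a static array, so sizeof(out) is its full size */` would record the assumption the bound depends on. The identical `strdur` change in kdb5_ldap_realm.c carries the same assumption.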
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index 83eb162..b7e5534 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -1991,7 +1991,7 @@ static char *strdur(duration)
minutes = duration / 60;
duration %= 60;
seconds = duration;
- sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
+ snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
days, days == 1 ? "day" : "days",
hours, minutes, seconds);
return out;
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
index 1260131..9f7caa0 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
@@ -85,9 +85,11 @@ static int process_host_list(char **host_list, int servicetype)
/* Parse for the protocol string and translate to number */
strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
if (!strcmp(proto_str, "udp"))
- sprintf (proto_str, "%d", PROTOCOL_NUM_UDP);
+ snprintf (proto_str, sizeof(proto_str), "%d",
+ PROTOCOL_NUM_UDP);
else if (!strcmp(proto_str, "tcp"))
- sprintf (proto_str, "%d", PROTOCOL_NUM_TCP);
+ snprintf (proto_str, sizeof(proto_str), "%d",
+ PROTOCOL_NUM_TCP);
else
proto_str[0] = '\0'; /* Make the string null if invalid */
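Review bot: The context line `strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);` is left untouched by this cleanup, and it does not NUL-terminate `proto_str` when the text after the separator is `PROTOCOL_STR_LEN` bytes or longer, so the `strcmp` calls that follow may read past the buffer. Unless `proto_str` is declared one byte larger and zeroed beforehand (its declaration is not visible in the hunk), the copy could use the same bounded form as the rest of the change: `snprintf (proto_str, sizeof(proto_str), "%s", pchr + 1);`. `process_host_list` starts before and continues after this hunk.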
@@ -109,27 +111,32 @@ static int process_host_list(char **host_list, int servicetype)
and port values if they are absent or not matching */
if (servicetype == LDAP_KDC_SERVICE) {
if (proto_str[0] == '\0')
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC);
+ snprintf (proto_str, sizeof(proto_str), "%d",
+ PROTOCOL_DEFAULT_KDC);
if (port_str[0] == '\0')
- sprintf (port_str, "%d", PORT_DEFAULT_KDC);
+ snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_KDC);
} else if (servicetype == LDAP_ADMIN_SERVICE) {
if (proto_str[0] == '\0')
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
+ snprintf (proto_str, sizeof(proto_str), "%d",
+ PROTOCOL_DEFAULT_ADM);
else if (strcmp(proto_str, "1")) {
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
+ snprintf (proto_str, sizeof(proto_str), "%d",
+ PROTOCOL_DEFAULT_ADM);
/* Print warning message */
printf ("Admin Server supports only TCP protocol, hence setting that\n");
}
if (port_str[0] == '\0')
- sprintf (port_str, "%d", PORT_DEFAULT_ADM);
+ snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_ADM);
} else if (servicetype == LDAP_PASSWD_SERVICE) {
if (proto_str[0] == '\0')
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
+ snprintf (proto_str, sizeof(proto_str), "%d",
+ PROTOCOL_DEFAULT_PWD);
else if (strcmp(proto_str, "0")) {
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
+ snprintf (proto_str, sizeof(proto_str), "%d",
+ PROTOCOL_DEFAULT_PWD);
/* Print warning message */
printf ("Password Server supports only UDP protocol, hence setting that\n");
@@ -1538,7 +1545,6 @@ kdb5_ldap_set_service_password(argc, argv)
unsigned int passwd_len = 0;
krb5_error_code errcode = -1;
int retval = 0, i = 0;
- unsigned int len = 0;
krb5_boolean print_usage = FALSE;
FILE *pfile = NULL;
char *str = NULL;
@@ -1667,23 +1673,17 @@ kdb5_ldap_set_service_password(argc, argv)
memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
passwd_len = MAX_SERVICE_PASSWD_LEN;
- len = strlen(service_object);
- /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */
- prompt1 = (char *)malloc(len + 20);
- if (prompt1 == NULL) {
+ if (asprintf(&prompt1, "Password for \"%s\"", service_object) < 0) {
com_err(me, ENOMEM, "while setting service object password");
goto cleanup;
}
- sprintf(prompt1, "Password for \"%s\"", service_object);
- /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */
- prompt2 = (char *)malloc(len + 30);
- if (prompt2 == NULL) {
+ if (asprintf(&prompt2, "Re-enter password for \"%s\"",
+ service_object) < 0) {
com_err(me, ENOMEM, "while setting service object password");
free(prompt1);
goto cleanup;
}
- sprintf(prompt2, "Re-enter password for \"%s\"", service_object);
retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
free(prompt1);
@@ -1718,19 +1718,15 @@ kdb5_ldap_set_service_password(argc, argv)
goto cleanup;
}
/* Password = {HEX}<encrypted password>:<encrypted key> */
- encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) +
- 1 + 5 + hex.length + 2);
- if (encrypted_passwd.value == NULL) {
+ if (asprintf(&str, "%s#{HEX}%s\n", service_object, hex.data) < 0) {
com_err(me, ENOMEM, "while setting service object password");
memset(passwd, 0, passwd_len);
memset(hex.data, 0, hex.length);
free(hex.data);
goto cleanup;
}
- encrypted_passwd.value[strlen(service_object) +
- 1 + 5 + hex.length + 1] = '\0';
- sprintf((char *)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data);
- encrypted_passwd.len = strlen((char *)encrypted_passwd.value);
+ encrypted_passwd.data = (unsigned char *)str;
+ encrypted_passwd.len = strlen(str);
memset(hex.data, 0, hex.length);
free(hex.data);
}
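Review bot: The new assignment writes `encrypted_passwd.data`, while the removed lines used `encrypted_passwd.value` and the very next line still sets `encrypted_passwd.len`; unless the struct really has a `data` member (its definition is not visible here), this will fail to compile wherever the block is built and should read `encrypted_passwd.value = (unsigned char *)str;`. Separately, `str` now holds the encoded service password, so wherever it is released later (outside this hunk) it should be cleared before `free`, the way `hex.data` is cleared here.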
@@ -1806,12 +1802,10 @@ kdb5_ldap_set_service_password(argc, argv)
mode_t omask;
/* Create a new file with the extension .tmp */
- tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1));
- if (tmp_file == NULL) {
+ if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
com_err(me, ENOMEM, "while setting service object password");
goto cleanup;
}
- sprintf(tmp_file,"%s.%s",file_name,"tmp");
omask = umask(077);
newfile = fopen(tmp_file, "w+");
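Review bot: The temporary file is still opened with `fopen(tmp_file, "w+")` on the predictable name `<file_name>.tmp`, which follows an existing symlink and truncates an existing file; `umask(077)` only restricts the mode of a file that gets newly created. If the directory holding the password file is writable by anyone other than the administrator (not determinable from this hunk), exclusive creation closes that gap: `fd = open(tmp_file, O_RDWR | O_CREAT | O_EXCL, 0600);` followed by `newfile = fdopen(fd, "w+");`. The later hunk at `@@ -2082,13 +2075,11 @@` has the same pattern with `fopen(tmp_file, "w")`.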
@@ -1832,7 +1826,6 @@ kdb5_ldap_set_service_password(argc, argv)
goto cleanup;
}
} else {
- len = strlen(line);
if (fprintf(newfile, "%s", line) < 0) {
com_err(me, errno, "Failed to write service object password to file");
fclose(newfile);
@@ -1998,12 +1991,12 @@ done:
/* size of prompt = strlen of servicedn + strlen("Password for \" \"") */
assert (sizeof (prompt1) > (strlen (service_object)
+ sizeof ("Password for \" \"")));
- sprintf(prompt1, "Password for \"%s\"", service_object);
+ snprintf(prompt1, sizeof(prompt1), "Password for \"%s\"", service_object);
/* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */
assert (sizeof (prompt2) > (strlen (service_object)
+ sizeof ("Re-enter Password for \" \"")));
- sprintf(prompt2, "Re-enter password for \"%s\"", service_object);
+ snprintf(prompt2, sizeof(prompt2), "Re-enter password for \"%s\"", service_object);
ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
if (ret != 0) {
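Review bot: The size checks in front of both `snprintf` calls are `assert`s, which vanish when the file is built with `NDEBUG`, and the `snprintf` results are not checked, so an over-long `service_object` now produces a silently truncated prompt instead of a detected error. Testing the return value keeps the bound in every build, e.g. `if ((size_t)snprintf(prompt1, sizeof(prompt1), "Password for \"%s\"", service_object) >= sizeof(prompt1))` followed by this function's usual error exit. The `assert` plus `snprintf` pair that builds `filter` in `krb5_ldap_delete_realm` (ldap_realm.c) has the same shape, and there a truncated filter could change what the LDAP search matches.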
@@ -2082,13 +2075,11 @@ done:
mode_t omask;
/* Create a new file with the extension .tmp */
- tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1));
- if (tmp_file == NULL) {
+ if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
com_err(me, ENOMEM, "while setting service object password");
fclose(pfile);
goto cleanup;
}
- sprintf(tmp_file,"%s.%s",file_name,"tmp");
omask = umask(077);
newfile = fopen(tmp_file, "w");
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 06eeee4..08a87fe 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -393,32 +393,17 @@ krb5_error_code krb5_ldap_open(krb5_context context,
goto clean_n_exit;
}
} else {
- void *tmp=NULL;
- char *oldstr = NULL;
- unsigned int len=0;
+ char *newstr;
- oldstr = strdup(ldap_context->root_certificate_file);
- if (oldstr == NULL) {
+ if (asprintf(&newstr, "%s %s",
+ ldap_context->root_certificate_file, val) < 0) {
free (opt);
free (val);
status = ENOMEM;
goto clean_n_exit;
}
-
- tmp = ldap_context->root_certificate_file;
- len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val);
- ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file,
- len);
- if (ldap_context->root_certificate_file == NULL) {
- free (tmp);
- free (opt);
- free (val);
- status = ENOMEM;
- goto clean_n_exit;
- }
- memset(ldap_context->root_certificate_file, 0, len);
- sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val);
- free (oldstr);
+ free(ldap_context->root_certificate_file);
+ ldap_context->root_certificate_file = newstr;
}
#endif
} else {
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
index 02589b5..c71d9e5 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -198,32 +198,16 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
goto cleanup;
}
} else {
- void *tmp=NULL;
- char *oldstr = NULL;
- unsigned int len=0;
+ char *newstr;
- oldstr = strdup(ldap_context->root_certificate_file);
- if (oldstr == NULL) {
+ if (asprintf(&newstr, "%s %s",
+ ldap_context->root_certificate_file, val) < 0) {
free (opt);
free (val);
status = ENOMEM;
goto cleanup;
}
-
- tmp = ldap_context->root_certificate_file;
- len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val);
- ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file,
- len);
- if (ldap_context->root_certificate_file == NULL) {
- free (tmp);
- free (opt);
- free (val);
- status = ENOMEM;
- goto cleanup;
- }
- memset(ldap_context->root_certificate_file, 0, len);
- sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val);
- free (oldstr);
+ ldap_context->root_certificate_file = newstr;
}
#endif
} else {
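Review bot: The previous `ldap_context->root_certificate_file` string is overwritten with `newstr` without being freed, so each additional certificate-file argument leaks the old buffer; the removed code reused it through `realloc`. The matching hunk in kdb_ldap.c (`krb5_ldap_open`) has the line that is missing here: `free(ldap_context->root_certificate_file);` immediately before `ldap_context->root_certificate_file = newstr;`. `krb5_ldap_create` starts and ends outside the hunk.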
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index b864f4b..79ca634 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -1499,7 +1499,7 @@ static inline char *
format_d (int val)
{
char tmpbuf[2+3*sizeof(val)];
- sprintf(tmpbuf, "%d", val);
+ snprintf(tmpbuf, sizeof(tmpbuf), "%d", val);
return strdup(tmpbuf);
}
@@ -1655,14 +1655,12 @@ krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr,
goto cleanup;
}
- filter = (char *) malloc (strlen (refattr) + strlen (ptr) + 2);
- if (filter == NULL) {
+ if (asprintf (&filter, "%s=%s", refattr, ptr) < 0) {
+ filter = NULL;
st = ENOMEM;
goto cleanup;
}
- sprintf (filter, "%s=%s", refattr, ptr);
-
if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
goto cleanup;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index d0b7aa1..4a3d37f 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -143,7 +143,7 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
krb5_db_entry entry;
krb5_principal principal;
char **subtree=NULL, *princ_name=NULL, *realm=NULL, **values=NULL, *filter=NULL;
- unsigned int filterlen=0, tree=0, ntree=1, i=0;
+ unsigned int tree=0, ntree=1, i=0;
krb5_error_code st=0, tempst=0;
LDAP *ld=NULL;
LDAPMessage *result=NULL, *ent=NULL;
@@ -174,11 +174,9 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
if (match_expr == NULL)
match_expr = default_match_expr;
- filterlen = strlen(FILTER) + strlen(match_expr) + 2 + 1; /* 2 for closing brackets */
- filter = malloc (filterlen);
+ if (asprintf(&filter, FILTER"%s))", match_expr) < 0)
+ filter = NULL;
CHECK_NULL(filter);
- memset(filter, 0, filterlen);
- sprintf(filter, FILTER"%s))", match_expr);
if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0)
goto cleanup;
@@ -385,52 +383,17 @@ cleanup:
krb5_error_code
krb5_ldap_unparse_principal_name(char *user_name)
{
- char *tmp_princ_name=NULL, *princ_name=NULL, *tmp=NULL;
- int l=0;
- krb5_error_code st=0;
+ char *in, *out;
- if (strstr(user_name, "\\@")) {
-
- tmp_princ_name = strdup(user_name);
- if (!tmp_princ_name) {
- st = ENOMEM;
- goto cleanup;
- }
- tmp = tmp_princ_name;
-
- princ_name = (char *) malloc (strlen(user_name));
- if (!princ_name) {
- st = ENOMEM;
- goto cleanup;
- }
- memset(princ_name, 0, strlen(user_name));
-
- l = 0;
- while (*tmp_princ_name) {
- if ((*tmp_princ_name == '\\') && (*(tmp_princ_name+1) == '@')) {
- tmp_princ_name += 1;
- } else {
- *(princ_name + l) = *tmp_princ_name++;
- l++;
- }
- }
-
- memset(user_name, 0, strlen(user_name));
- sprintf(user_name, "%s", princ_name);
- }
-
-cleanup:
- if (tmp) {
- free(tmp);
- tmp = NULL;
+ out = user_name;
+ for (in = user_name; *in; in++) {
+ if (*in == '\\' && *(in + 1) == '@')
+ continue;
+ *out++ = *in;
}
+ *out = '\0';
- if (princ_name) {
- free(princ_name);
- princ_name = NULL;
- }
-
- return st;
+ return 0;
}
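Review bot: The rewritten `krb5_ldap_unparse_principal_name` has no comment stating that it edits `user_name` in place, and it now returns 0 on every path, so any error check a caller makes on it can no longer fire. A header comment would cover both: `/* Remove the backslash from each "\@" in user_name, in place; the result is never longer than the input. Always returns 0. */`. It may also be worth noting there that a backslash which is itself escaped and followed by `@` is treated the same way, which looks unchanged from the removed loop.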
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 12f0dd3..f9e9dea 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -624,7 +624,8 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
int ost = st;
st = EINVAL;
- sprintf(errbuf, "'%s' not found: ", xargs.containerdn);
+ snprintf(errbuf, sizeof(errbuf), "'%s' not found: ",
+ xargs.containerdn);
prepend_err_str(context, errbuf, st, ost);
}
goto cleanup;
@@ -641,10 +642,10 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
}
CHECK_NULL(subtree);
- standalone_principal_dn = malloc(strlen("krbprincipalname=") + strlen(user) + strlen(",") +
- strlen(subtree) + 1);
+ if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s",
+ user, subtree) < 0)
+ standalone_principal_dn = NULL;
CHECK_NULL(standalone_principal_dn);
- sprintf(standalone_principal_dn, "krbprincipalname=%s,%s", user, subtree);
/*
* free subtree when you are done using the subtree
* set the boolean create_standalone_prinicipal to TRUE
@@ -1072,7 +1073,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
/* a load operation must replace an existing entry */
st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL);
if (st != LDAP_SUCCESS) {
- sprintf(errbuf, "Principal delete failed (trying to replace entry): %s",
+ snprintf(errbuf, sizeof(errbuf), "Principal delete failed (trying to replace entry): %s",
ldap_err2string(st));
st = translate_ldap_error (st, OP_ADD);
krb5_set_error_message(context, st, "%s", errbuf);
@@ -1082,7 +1083,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
}
}
if (st != LDAP_SUCCESS) {
- sprintf(errbuf, "Principal add failed: %s", ldap_err2string(st));
+ snprintf(errbuf, sizeof(errbuf), "Principal add failed: %s", ldap_err2string(st));
st = translate_ldap_error (st, OP_ADD);
krb5_set_error_message(context, st, "%s", errbuf);
goto cleanup;
@@ -1119,7 +1120,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL);
if (st != LDAP_SUCCESS) {
- sprintf(errbuf, "User modification failed: %s", ldap_err2string(st));
+ snprintf(errbuf, sizeof(errbuf), "User modification failed: %s", ldap_err2string(st));
st = translate_ldap_error (st, OP_MOD);
krb5_set_error_message(context, st, "%s", errbuf);
goto cleanup;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index fd410e2..d41ffa3 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -288,7 +288,7 @@ krb5_ldap_delete_realm (context, lrealm)
assert (sizeof (filter) >= sizeof ("(krbprincipalname=)") +
strlen (realm) + 2 /* "*@" */ + 1);
- sprintf (filter, "(krbprincipalname=*@%s)", realm);
+ snprintf (filter, sizeof(filter), "(krbprincipalname=*@%s)", realm);
free (realm);
/* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */
@@ -643,8 +643,8 @@ krb5_ldap_modify_realm(context, rparams, mask)
for (i=0; oldkdcservers[i]; ++i)
if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences",
rparams->realmdn)) != 0) {
- sprintf (errbuf, "Error removing 'krbRealmReferences' from %s: ",
- oldkdcservers[i]);
+ snprintf (errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from %s: ",
+ oldkdcservers[i]);
prepend_err_str (context, errbuf, st, st);
goto cleanup;
}
@@ -654,8 +654,8 @@ krb5_ldap_modify_realm(context, rparams, mask)
for (i=0; newkdcservers[i]; ++i)
if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences",
rparams->realmdn)) != 0) {
- sprintf (errbuf, "Error adding 'krbRealmReferences' to %s: ",
- newkdcservers[i]);
+ snprintf (errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+ newkdcservers[i]);
prepend_err_str (context, errbuf, st, st);
goto cleanup;
}
@@ -680,8 +680,8 @@ krb5_ldap_modify_realm(context, rparams, mask)
for (i=0; oldadminservers[i]; ++i)
if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences",
rparams->realmdn)) != 0) {
- sprintf(errbuf, "Error removing 'krbRealmReferences' from "
- "%s: ", oldadminservers[i]);
+ snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
+ "%s: ", oldadminservers[i]);
prepend_err_str (context, errbuf, st, st);
goto cleanup;
}
@@ -691,8 +691,8 @@ krb5_ldap_modify_realm(context, rparams, mask)
for (i=0; newadminservers[i]; ++i)
if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences",
rparams->realmdn)) != 0) {
- sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
- newadminservers[i]);
+ snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+ newadminservers[i]);
prepend_err_str (context, errbuf, st, st);
goto cleanup;
}
@@ -716,8 +716,8 @@ krb5_ldap_modify_realm(context, rparams, mask)
for (i=0; oldpasswdservers[i]; ++i)
if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences",
rparams->realmdn)) != 0) {
- sprintf(errbuf, "Error removing 'krbRealmReferences' from "
- "%s: ", oldpasswdservers[i]);
+ snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
+ "%s: ", oldpasswdservers[i]);
prepend_err_str (context, errbuf, st, st);
goto cleanup;
}
@@ -727,8 +727,8 @@ krb5_ldap_modify_realm(context, rparams, mask)
for (i=0; newpasswdservers[i]; ++i)
if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences",
rparams->realmdn)) != 0) {
- sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
- newpasswdservers[i]);
+ snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+ newpasswdservers[i]);
prepend_err_str (context, errbuf, st, st);
goto cleanup;
}
@@ -995,9 +995,10 @@ krb5_ldap_create_realm(context, rparams, mask)
realm_name = rparams->realm_name;
- dn = malloc(strlen("cn=") + strlen(realm_name) + strlen(ldap_context->krbcontainer->DN) + 2);
+ if (asprintf(&dn, "cn=%s,%s", realm_name,
+ ldap_context->krbcontainer->DN) < 0)
+ dn = NULL;
CHECK_NULL(dn);
- sprintf(dn, "cn=%s,%s", realm_name, ldap_context->krbcontainer->DN);
strval[0] = realm_name;
strval[1] = NULL;
@@ -1136,8 +1137,8 @@ krb5_ldap_create_realm(context, rparams, mask)
if (mask & LDAP_REALM_KDCSERVERS)
for (i=0; rparams->kdcservers[i]; ++i)
if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) {
- sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
- rparams->kdcservers[i]);
+ snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+ rparams->kdcservers[i]);
prepend_err_str (context, errbuf, st, st);
/* delete Realm, status ignored intentionally */
ldap_delete_ext_s(ld, dn, NULL, NULL);
@@ -1147,8 +1148,8 @@ krb5_ldap_create_realm(context, rparams, mask)
if (mask & LDAP_REALM_ADMINSERVERS)
for (i=0; rparams->adminservers[i]; ++i)
if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) {
- sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
- rparams->adminservers[i]);
+ snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+ rparams->adminservers[i]);
prepend_err_str (context, errbuf, st, st);
/* delete Realm, status ignored intentionally */
ldap_delete_ext_s(ld, dn, NULL, NULL);
@@ -1158,8 +1159,8 @@ krb5_ldap_create_realm(context, rparams, mask)
if (mask & LDAP_REALM_PASSWDSERVERS)
for (i=0; rparams->passwdservers[i]; ++i)
if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) {
- sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
- rparams->passwdservers[i]);
+ snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+ rparams->passwdservers[i]);
prepend_err_str (context, errbuf, st, st);
/* delete Realm, status ignored intentionally */
ldap_delete_ext_s(ld, dn, NULL, NULL);
@@ -1242,12 +1243,11 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
krbcontDN = ldap_context->krbcontainer->DN;
- rlparams->realmdn = (char *) malloc(strlen("cn=") + strlen(lrealm) + strlen(krbcontDN) + 2);
- if (rlparams->realmdn == NULL) {
+ if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN) < 0) {
+ rlparams->realmdn = NULL;
st = ENOMEM;
goto cleanup;
}
- sprintf(rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN);
/* populate the realm name in the structure */
rlparams->realm_name = strdup(lrealm);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
index aed6de8..23bb3db 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
@@ -322,12 +322,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
for (i=0; strcmp(security_container[i][0], "") != 0; i++) {
- seccontacls[0] = (char *)malloc(strlen(security_container[i][0]) +
- strlen(serviceobjdn) +
- strlen(security_container[i][1]) + 1);
-
- sprintf(seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn,
- security_container[i][1]);
+ asprintf(&seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn,
+ security_container[i][1]);
seccontclass.mod_values = seccontacls;
seccontarr[0] = &seccontclass;
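Review bot: The return value of `asprintf(&seccontacls[0], ...)` is ignored, and on failure the pointer's contents are not defined on every platform, so the ACL value passed on through `seccontclass.mod_values` may be garbage rather than NULL. Other files in this commit handle the failure (`if (asprintf(...) < 0) filter = NULL;`); here each call should be checked as well, e.g. `if (asprintf(&seccontacls[0], ...) < 0) { st = ENOMEM; goto cleanup; }`, assuming this function has `st` and a `cleanup` label like its siblings (neither is visible in the hunk). The same applies to every `asprintf` in the remaining hunks of this file, including the two `asprintf(&realmdn, ...)` calls in `krb5_ldap_add_service_rights` and `krb5_ldap_delete_service_rights`.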
@@ -351,10 +347,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
krbcontclass.mod_type = "ACL";
for (i=0; strcmp(kerberos_container[i][0], "") != 0; i++) {
- krbcontacls[0] = (char *)malloc(strlen(kerberos_container[i][0]) + strlen(serviceobjdn)
- + strlen(kerberos_container[i][1]) + 1);
- sprintf(krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn,
- kerberos_container[i][1]);
+ asprintf(&krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn,
+ kerberos_container[i][1]);
krbcontclass.mod_values = krbcontacls;
krbcontarr[0] = &krbcontclass;
@@ -373,20 +367,15 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
}
/* Construct the realm dn from realm name */
- realmdn = (char *)malloc(strlen("cn=") + strlen(realmname) +
- strlen(ldap_context->krbcontainer->DN) + 2);
- sprintf(realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
+ asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
realmclass.mod_op = LDAP_MOD_ADD;
realmclass.mod_type = "ACL";
if (servicetype == LDAP_KDC_SERVICE) {
for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
- realmacls[0] = (char *)malloc(strlen(kdcrights_realmcontainer[i][0])
- + strlen(serviceobjdn) +
- strlen(kdcrights_realmcontainer[i][1]) + 1);
- sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
- kdcrights_realmcontainer[i][1]);
+ asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
+ kdcrights_realmcontainer[i][1]);
realmclass.mod_values = realmacls;
realmarr[0] = &realmclass;
@@ -405,11 +394,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
}
} else if (servicetype == LDAP_ADMIN_SERVICE) {
for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
- realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) +
- strlen(serviceobjdn) +
- strlen(adminrights_realmcontainer[i][1]) + 1);
- sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
- adminrights_realmcontainer[i][1]);
+ asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
+ adminrights_realmcontainer[i][1]);
realmclass.mod_values = realmacls;
realmarr[0] = &realmclass;
@@ -428,11 +414,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
}
} else if (servicetype == LDAP_PASSWD_SERVICE) {
for (i=0; strcmp(pwdrights_realmcontainer[i][0], "")!=0; i++) {
- realmacls[0] = (char *) malloc(strlen(pwdrights_realmcontainer[i][0]) +
- strlen(serviceobjdn) +
- strlen(pwdrights_realmcontainer[i][1]) + 1);
- sprintf(realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
- pwdrights_realmcontainer[i][1]);
+ asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
+ pwdrights_realmcontainer[i][1]);
realmclass.mod_values = realmacls;
realmarr[0] = &realmclass;
@@ -462,11 +445,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
if (servicetype == LDAP_KDC_SERVICE) {
for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
- subtreeacls[0] = (char *) malloc(strlen(kdcrights_subtree[i][0]) +
- strlen(serviceobjdn) +
- strlen(kdcrights_subtree[i][1]) + 1);
- sprintf(subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
- kdcrights_subtree[i][1]);
+ asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
+ kdcrights_subtree[i][1]);
subtreeclass.mod_values = subtreeacls;
subtreearr[0] = &subtreeclass;
@@ -488,11 +468,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
}
} else if (servicetype == LDAP_ADMIN_SERVICE) {
for (i=0; strcmp(adminrights_subtree[i][0], "")!=0; i++) {
- subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0])
- + strlen(serviceobjdn)
- + strlen(adminrights_subtree[i][1]) + 1);
- sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
- adminrights_subtree[i][1]);
+ asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
+ adminrights_subtree[i][1]);
subtreeclass.mod_values = subtreeacls;
subtreearr[0] = &subtreeclass;
@@ -514,11 +491,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
}
} else if (servicetype == LDAP_PASSWD_SERVICE) {
for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
- subtreeacls[0] = (char *)malloc(strlen(pwdrights_subtree[i][0])
- + strlen(serviceobjdn)
- + strlen(pwdrights_subtree[i][1]) + 1);
- sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
- pwdrights_subtree[i][1]);
+ asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
+ pwdrights_subtree[i][1]);
subtreeclass.mod_values = subtreeacls;
subtreearr[0] = &subtreeclass;
@@ -632,21 +606,15 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
/* Set the rights for the realm */
if (mask & LDAP_REALM_RIGHTS) {
- /* Construct the realm dn from realm name */
- realmdn = (char *) malloc(strlen("cn=") + strlen(realmname) +
- strlen(ldap_context->krbcontainer->DN) + 2);
- sprintf(realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
+ asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
realmclass.mod_op=LDAP_MOD_DELETE;
realmclass.mod_type="ACL";
if (servicetype == LDAP_KDC_SERVICE) {
for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
- realmacls[0] = (char *) malloc(strlen(kdcrights_realmcontainer[i][0])
- + strlen(serviceobjdn) +
- strlen(kdcrights_realmcontainer[i][1]) + 1);
- sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
- kdcrights_realmcontainer[i][1]);
+ asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
+ kdcrights_realmcontainer[i][1]);
realmclass.mod_values= realmacls;
realmarr[0]=&realmclass;
@@ -665,11 +633,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
}
} else if (servicetype == LDAP_ADMIN_SERVICE) {
for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
- realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) +
- strlen(serviceobjdn) +
- strlen(adminrights_realmcontainer[i][1]) + 1);
- sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
- adminrights_realmcontainer[i][1]);
+ asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
+ adminrights_realmcontainer[i][1]);
realmclass.mod_values= realmacls;
realmarr[0]=&realmclass;
@@ -688,11 +653,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
}
} else if (servicetype == LDAP_PASSWD_SERVICE) {
for (i=0; strcmp(pwdrights_realmcontainer[i][0], "") != 0; i++) {
- realmacls[0]=(char *)malloc(strlen(pwdrights_realmcontainer[i][0])
- + strlen(serviceobjdn)
- + strlen(pwdrights_realmcontainer[i][1]) + 1);
- sprintf(realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
- pwdrights_realmcontainer[i][1]);
+ asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
+ pwdrights_realmcontainer[i][1]);
realmclass.mod_values= realmacls;
realmarr[0]=&realmclass;
@@ -723,11 +685,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
if (servicetype == LDAP_KDC_SERVICE) {
for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
- subtreeacls[0] = (char *) malloc(strlen(kdcrights_subtree[i][0])
- + strlen(serviceobjdn)
- + strlen(kdcrights_subtree[i][1]) + 1);
- sprintf(subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
- kdcrights_subtree[i][1]);
+ asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
+ kdcrights_subtree[i][1]);
subtreeclass.mod_values= subtreeacls;
subtreearr[0]=&subtreeclass;
@@ -748,11 +707,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
}
} else if (servicetype == LDAP_ADMIN_SERVICE) {
for (i=0; strcmp(adminrights_subtree[i][0], "") != 0; i++) {
- subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0])
- + strlen(serviceobjdn)
- + strlen(adminrights_subtree[i][1]) + 1);
- sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
- adminrights_subtree[i][1]);
+ asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
+ adminrights_subtree[i][1]);
subtreeclass.mod_values= subtreeacls;
subtreearr[0]=&subtreeclass;
@@ -773,11 +729,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
}
} else if (servicetype == LDAP_PASSWD_SERVICE) {
for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
- subtreeacls[0] = (char *) malloc(strlen(pwdrights_subtree[i][0])
- + strlen(serviceobjdn)
- + strlen(pwdrights_subtree[i][1]) + 1);
- sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
- pwdrights_subtree[i][1]);
+ asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
+ pwdrights_subtree[i][1]);
subtreeclass.mod_values= subtreeacls;
subtreearr[0]=&subtreeclass;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
index f3cf219..3c2fbac 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
@@ -198,7 +198,7 @@ tohex(in, ret)
ret->data[ret->length] = 0;
for (i = 0; i < in.length; i++)
- sprintf(ret->data + 2 * i, "%02x", in.data[i] & 0xff);
+ snprintf(ret->data + 2 * i, 3, "%02x", in.data[i] & 0xff);
cleanup:
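Review bot: The literal `3` passed as the size in `snprintf(ret->data + 2 * i, 3, ...)` is unexplained. It is two hex digits plus the terminating NUL, and on the last iteration that NUL presumably lands on `ret->data[ret->length]`, which relies on the buffer having one spare byte (the allocation is outside the hunk, though the context line `ret->data[ret->length] = 0;` suggests it does). A comment such as `/* 3 = two hex digits + NUL; each NUL is overwritten by the next pair */` would make that explicit.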
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c
index 3bd5e90..11f78ef 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c
@@ -148,8 +148,9 @@ krb5_ldap_create_service(context, service, mask)
for (i=0; service->krbrealmreferences[i]; ++i) {
if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
service->servicedn)) != 0) {
- sprintf (errbuf, "Error adding 'krbRealmReferences' to %s: ",
- service->krbrealmreferences[i]);
+ snprintf (errbuf, sizeof(errbuf),
+ "Error adding 'krbRealmReferences' to %s: ",
+ service->krbrealmreferences[i]);
prepend_err_str (context, errbuf, st, st);
/* delete service object, status ignored intentionally */
ldap_delete_ext_s(ld, service->servicedn, NULL, NULL);